First time trying to implement SAML as an SP. We decided to try using SimpleSAMLphp with our bespoke MVC framework as we figured it would save us time.
Problem that I have is that I end up in an infinite loop or the attributes are empty.
I have configured my metadata and tested it from the authenticate interface in SimpleSAMLphp. The idP has a post-back URL set that is different to where we begin, so:
SimpleSAML_Auth_Simple('our-configured-sp')
$as->requireAuth()
If we do this, we have to create a new instance using the same code ($as = new SimpleSAML_Auth_Simple('our-configured-sp'), for example) and when we do $as->getAttributes() it is an empty array. We're using the phpsession store.type but when I look at the cookies on the domain I see only PHPSESSID and SimpleSAMLAuthToken.
So we tried putting it all into one method. As above, only you begin on domain.com/sso/saml except this time the loop keeps going over and over. The user hits our domain, is redirected to the idP, then redirected back to us, then back to the idP, for ever.
Eventually I gave up. I can get the response in $_POST['SAMLResponse'] and I can base64_decode() it to see what it says. I put it into a SimpleXMLElement object and was able to work with it. The problem is that the data is encrypted, and now I'm stuck trying to decrypt it.
I have data in these nodes but don't know what to do with it:
I don't know how to use each of these, though I can verify that the X509Certificate is the public key to match my private key. I've tried decoding various values using different keys (or what I thought were keys) to no avail.
RSA1_5
AES256-CBC
(I've been trying mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $data, "cbc", $iv); though I can't actually work out what I'm supposed to put into $key or $data)
Ideally I'd like to get it working completely within SimpleSAMLphp, but I honestly have no idea what the problem is so I don't know how to sort it. Metadata looks like this:
$metadata = array(
    'https://partner.com' => array(
        'SingleSignOnService' => 'https://partner.com/sso/response',
        'SingleLogoutService' => 'https://partner.com/sso/slo',
        'assertion.encryption' => true,
        'certificate' => 'partner.cer'
    )
);
Authsources has this:
$config = array(
    'our-configured-sp' => array(
        'saml:SP',
        'privatekey' => 'my.private.pem',
        'certificate' => 'my.public.cert',
        'idp' => 'https://partner.com',
        'baseurlpath' => 'simplesaml/',
    )
);
Any help? Preferably to get the whole thing working with SimpleSAMLphp, but if not I'd take a little guidance on how to decrypt the file.
Thanks everyone
Please check the OneLogin SAML PHP library. It is well documented and coded. You can easily use it to processResponse and then getAttributes to do what you want.
I know the question is old, but it may help someone still looking for the same.
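The two algorithm names in the question map onto a two-step decryption: RSA1_5 unwraps a 32-byte AES key with the SP private key, and AES256-CBC then decrypts the payload, whose first 16 bytes are the IV (mcrypt's MCRYPT_RIJNDAEL_256 is Rijndael with a 256-bit block, not AES-256, so it cannot decrypt this data). The following is an added example, not part of the original posts and not SimpleSAMLphp's code; the key pair, the stand-in assertion and the function name decryptEncryptedData are constructed for illustration, and it assumes the standard XML Encryption element layout.

```php
<?php
// Added example: XML-Enc decryption layout for RSA1_5 + AES256-CBC (not SimpleSAMLphp code).
const XENC = 'http://www.w3.org/2001/04/xmlenc#';

function decryptEncryptedData(string $xml, $spPrivateKey): string
{
    $doc = new DOMDocument();
    $doc->loadXML($xml, LIBXML_NONET);
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('xenc', XENC);
    // EncryptedKey holds the AES key wrapped with the SP's public key (RSA1_5).
    $wrapped = base64_decode($xp->evaluate('string(//xenc:EncryptedKey/xenc:CipherData/xenc:CipherValue)'), true);
    // EncryptedData's own CipherValue is the IV (16 bytes) followed by the AES-CBC ciphertext.
    $payload = base64_decode($xp->evaluate('string(//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue)'), true);
    $fail = new RuntimeException('decryption failed'); // one generic error, no padding detail
    if ($wrapped === false || $payload === false || strlen($payload) < 32 || strlen($payload) % 16 !== 0) {
        throw $fail;
    }
    if (!openssl_private_decrypt($wrapped, $aesKey, $spPrivateKey, OPENSSL_PKCS1_PADDING)
        || strlen($aesKey) !== 32) {
        throw $fail;
    }
    $plain = openssl_decrypt(substr($payload, 16), 'aes-256-cbc', $aesKey,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, substr($payload, 0, 16));
    // XML-Enc padding: the last byte is the pad length, the other pad bytes are arbitrary.
    $pad = ($plain === false || $plain === '') ? 0 : ord(substr($plain, -1));
    if ($pad < 1 || $pad > 16) {
        throw $fail;
    }
    return substr($plain, 0, -$pad);
}

// Constructed sample: throwaway key pair and a stand-in assertion, built the way an IdP would.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$aes = random_bytes(32);
$iv = random_bytes(16);
$assertion = '<Assertion><Attribute Name="mail">user@example.org</Attribute></Assertion>';
$padLen = 16 - strlen($assertion) % 16;
$padded = $assertion . str_repeat("\0", $padLen - 1) . chr($padLen);
$ct = openssl_encrypt($padded, 'aes-256-cbc', $aes, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
openssl_public_encrypt($aes, $wrappedKey, $pub, OPENSSL_PKCS1_PADDING);
$cv = '<xenc:CipherData><xenc:CipherValue>%s</xenc:CipherValue></xenc:CipherData>';
$xml = '<xenc:EncryptedData xmlns:xenc="' . XENC . '" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    . '<ds:KeyInfo><xenc:EncryptedKey>' . sprintf($cv, base64_encode($wrappedKey))
    . '</xenc:EncryptedKey></ds:KeyInfo>' . sprintf($cv, base64_encode($iv . $ct))
    . '</xenc:EncryptedData>';

echo decryptEncryptedData($xml, $key), PHP_EOL;
```

This shows only the decryption layout; the response signature and conditions still have to be validated before any attribute from the decrypted assertion is trusted. Returning one generic error for every failure keeps the endpoint from revealing which padding check failed.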